1#!/bin/sh
2
3# compat.sh
4#
5# Copyright The Mbed TLS Contributors
6# SPDX-License-Identifier: Apache-2.0
7#
8# Licensed under the Apache License, Version 2.0 (the "License"); you may
9# not use this file except in compliance with the License.
10# You may obtain a copy of the License at
11#
12# http://www.apache.org/licenses/LICENSE-2.0
13#
14# Unless required by applicable law or agreed to in writing, software
15# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
16# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17# See the License for the specific language governing permissions and
18# limitations under the License.
19#
20# Purpose
21#
# Test interoperability with OpenSSL, GnuTLS as well as itself.
23#
24# Check each common ciphersuite, with each version, both ways (client/server),
25# with and without client authentication.
26
set -u

# Limit the size of each log to 10 GiB (ulimit -f counts 512-byte blocks,
# 20971520 * 512 = 10 GiB), in case of failures with this script where it
# may output seemingly unlimited length error logs.
ulimit -f 20971520

# initialise counters
TESTS=0 FAILED=0 SKIPPED=0 SRVMEM=0

# default commands, can be overridden by the environment
M_SRV="${M_SRV:-../programs/ssl/ssl_server2}"
M_CLI="${M_CLI:-../programs/ssl/ssl_client2}"
OPENSSL_CMD="${OPENSSL_CMD:-openssl}" # OPENSSL would conflict with the build system
GNUTLS_CLI="${GNUTLS_CLI:-gnutls-cli}"
GNUTLS_SERV="${GNUTLS_SERV:-gnutls-serv}"
45
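# do we have a recent enough GnuTLS?
# Sets PEER_GNUTLS to " GnuTLS" when both GnuTLS tools are found and report
# version >= 3.2.15 (or a git build whose version line contains "@VERSION@"),
# and to "" otherwise. Also sets GNUTLS_MINOR_LT_FOUR='x' for GnuTLS 3.2/3.3.
# The version is parsed with parameter expansion only: the former
# 'eval $(... | sed ...)' executed the whole --version line as shell code
# whenever it did not match the expected "X.Y.Z" shape (e.g. "3.7.0-rc1"),
# and then failed under 'set -u' because MAJOR was never assigned.
# shellcheck disable=SC2086 # the command variables may carry a wrapper plus arguments
if ( command -v $GNUTLS_CLI && command -v $GNUTLS_SERV ) >/dev/null 2>&1; then
    G_VER="$( $GNUTLS_CLI --version | head -n1 )"
    case "$G_VER" in
        *@VERSION@*) # git version
            PEER_GNUTLS=" GnuTLS"
            ;;
        *)
            # Last word of the first line, e.g. "3.6.13". Each component is
            # cut back to its leading digits so the numeric tests below can
            # never see a non-integer (pre-release suffix, fourth component).
            G_VER_NUM="${G_VER##* }"
            case "$G_VER_NUM" in
                [0-9]*.[0-9]*.[0-9]*)
                    MAJOR="${G_VER_NUM%%.*}"
                    MAJOR="${MAJOR%%[!0-9]*}"
                    G_VER_REST="${G_VER_NUM#*.}"
                    MINOR="${G_VER_REST%%.*}"
                    MINOR="${MINOR%%[!0-9]*}"
                    PATCH="${G_VER_REST#*.}"
                    PATCH="${PATCH%%[!0-9]*}"
                    ;;
                *)
                    echo "warning: cannot parse GnuTLS version '$G_VER', not using GnuTLS" >&2
                    MAJOR=0; MINOR=0; PATCH=0
                    ;;
            esac
            # need at least 3.2.15
            if [ "$MAJOR" -lt 3 ] ||
               { [ "$MAJOR" -eq 3 ] && [ "$MINOR" -lt 2 ]; } ||
               { [ "$MAJOR" -eq 3 ] && [ "$MINOR" -eq 2 ] && [ "$PATCH" -lt 15 ]; }
            then
                PEER_GNUTLS=""
            else
                PEER_GNUTLS=" GnuTLS"
                # flag GnuTLS 3.2.x / 3.3.x for callers that need a workaround
                if [ "$MAJOR" -eq 3 ] && [ "$MINOR" -lt 4 ]; then
                    GNUTLS_MINOR_LT_FOUR='x'
                fi
            fi
            ;;
    esac
else
    PEER_GNUTLS=""
fi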
68
# default values for options (each can be changed from the command line)
MODES='tls1 tls1_1 tls12 dtls1 dtls12'
VERIFIES='NO YES'
TYPES='ECDSA RSA PSK'
FILTER=''
# exclude (a grep basic-regex, alternatives separated by \|):
# - NULL: excluded from our default config
# - RC4, single-DES: requires legacy OpenSSL/GnuTLS versions
#   avoid plain DES but keep 3DES-EDE-CBC (mbedTLS), DES-CBC3 (OpenSSL)
# - ARIA: not in default config.h + requires OpenSSL >= 1.1.1
# - ChachaPoly: requires OpenSSL >= 1.1.0
# - 3DES: not in default config
EXCLUDE='NULL\|DES\|RC4\|ARCFOUR\|ARIA\|CHACHA20-POLY1305'
VERBOSE=''
MEMCHECK=0
# PEER_GNUTLS is " GnuTLS" or "" depending on the GnuTLS check above
PEERS="OpenSSL${PEER_GNUTLS} mbedTLS"

# hidden option: skip DTLS with OpenSSL
# (travis CI has a version that doesn't work for us)
: "${OSSL_NO_DTLS:=0}"
89
# print_usage
# Print the command-line help to stdout, showing the current (default) value
# of each list option.
print_usage() {
    echo "Usage: $0"
    # one "  <option><TAB><description>" line per argument pair
    printf '  %s\t%s\n' \
        '-h|--help'     'Print this help.' \
        '-f|--filter'   "Only matching ciphersuites are tested (Default: '$FILTER')" \
        '-e|--exclude'  "Matching ciphersuites are excluded (Default: '$EXCLUDE')" \
        '-m|--modes'    "Which modes to perform (Default: '$MODES')" \
        '-t|--types'    "Which key exchange type to perform (Default: '$TYPES')" \
        '-V|--verify'   "Which verification modes to perform (Default: '$VERIFIES')" \
        '-p|--peers'    "Which peers to use (Default: '$PEERS')" \
        '          '    'Also available: GnuTLS (needs v3.2.15 or higher)' \
        '-M|--memcheck' 'Check memory leaks and errors.' \
        '-v|--verbose'  'Set verbose output.'
}
103
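# get_options_need_arg <option> <argc>
# Abort with a usage message when <option> is the last word on the command
# line, i.e. it was given without the value it requires. Without this check
# the shift below leaves "$1" unset and 'set -u' aborts with an unhelpful
# "parameter not set" message.
get_options_need_arg() {
    if [ "$2" -lt 2 ]; then
        echo "Option '$1' requires an argument" >&2
        print_usage
        exit 1
    fi
}

# get_options <argv...>
# Parse the command line into the option globals FILTER, EXCLUDE, MODES,
# TYPES, VERIFIES, PEERS, VERBOSE and MEMCHECK. Exits 0 on -h/--help and 1
# on an unknown or incomplete argument. VERIFIES and TYPES are upper-cased
# and their whitespace normalised here; MODES is validated later.
get_options() {
    while [ $# -gt 0 ]; do
        case "$1" in
            -f|--filter)
                get_options_need_arg "$1" $#
                shift; FILTER=$1
                ;;
            -e|--exclude)
                get_options_need_arg "$1" $#
                shift; EXCLUDE=$1
                ;;
            -m|--modes)
                get_options_need_arg "$1" $#
                shift; MODES=$1
                ;;
            -t|--types)
                get_options_need_arg "$1" $#
                shift; TYPES=$1
                ;;
            -V|--verify)
                get_options_need_arg "$1" $#
                shift; VERIFIES=$1
                ;;
            -p|--peers)
                get_options_need_arg "$1" $#
                shift; PEERS=$1
                ;;
            -v|--verbose)
                VERBOSE=1
                ;;
            -M|--memcheck)
                MEMCHECK=1
                ;;
            -h|--help)
                print_usage
                exit 0
                ;;
            *)
                echo "Unknown argument: '$1'" >&2
                print_usage
                exit 1
                ;;
        esac
        shift
    done

    # sanitize some options (modes checked later)
    # $VERIFIES / $TYPES are deliberately unquoted: word-splitting collapses
    # the user's whitespace to single spaces. The tr sets are quoted so that
    # they are not expanded as filename globs when a file named with a single
    # letter happens to exist in the current directory.
    VERIFIES="$( echo $VERIFIES | tr '[a-z]' '[A-Z]' )"
    TYPES="$( echo $TYPES | tr '[a-z]' '[A-Z]' )"
}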
148
# log <message...>
# Print an empty line followed by <message> when -v/--verbose was given;
# print nothing otherwise.
log() {
  [ -n "$VERBOSE" ] || return 0
  echo ""
  echo "$@"
}
155
# is_dtls <mode>
# Succeed (status 0) exactly when <mode> is one of the DTLS modes.
is_dtls()
{
    case "$1" in
        dtls1|dtls12) return 0 ;;
        *) return 1 ;;
    esac
}
161
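# minor_ver <mode>
# Print the TLS minor version number of <mode> on stdout: 0 for ssl3,
# 1 for tls1, 2 for tls1_1/dtls1, 3 for tls12/dtls12.
# For an unknown mode print an error on stderr and -1 on stdout; the
# function is typically called in a command substitution, so exiting here
# would only kill the subshell and not stop the script.
minor_ver()
{
    case "$1" in
        ssl3)
            echo 0
            ;;
        tls1)
            echo 1
            ;;
        tls1_1|dtls1)
            echo 2
            ;;
        tls12|dtls12)
            echo 3
            ;;
        *)
            # report the argument actually passed, not the global MODE
            echo "error: invalid mode: $1" >&2
            echo -1
            ;;
    esac
}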
184
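# filter <list>
# Print the words of <list> that match the FILTER regex and do not match the
# EXCLUDE regex, as one line of single-space separated names. In DTLS modes
# RC4/ARCFOUR suites are excluded as well (RC4 cannot be used with DTLS).
# Reads globals FILTER, EXCLUDE, MODE; leaves EXCLMODE and NEW_LIST set.
filter()
{
  if is_dtls "$MODE"; then
      EXCLMODE="$EXCLUDE"'\|RC4\|ARCFOUR'
  else
      EXCLMODE="$EXCLUDE"
  fi

  # One grep pipeline over all words instead of two greps per word: the same
  # per-line result with a fixed number of processes. '-e' keeps a pattern
  # that starts with '-' from being parsed as a grep option.
  # shellcheck disable=SC2086 # word-splitting of $1 is the point here
  NEW_LIST="$( printf '%s\n' $1 | grep -e "$FILTER" | grep -v -e "$EXCLMODE" | tr '\n' ' ' )"

  # normalize whitespace
  echo "$NEW_LIST" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//'
}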
204
# OpenSSL 1.0.1h with -Verify wants a ClientCertificate message even for
# PSK ciphersuites with DTLS, which is incorrect, so disable them for now
#
# check_openssl_server_bug <mbedtls-ciphersuite-name>
# Set SKIP_NEXT=YES when VERIFY is YES, MODE is a DTLS mode and the
# ciphersuite name starts with "TLS-PSK"; leave SKIP_NEXT untouched otherwise.
check_openssl_server_bug()
{
    [ "$VERIFY" = "YES" ] || return 0
    is_dtls "$MODE" || return 0
    case "$1" in
        TLS-PSK*) SKIP_NEXT="YES" ;;
    esac
}
215
# filter_ciphersuites
# Apply the FILTER/EXCLUDE options to M_CIPHERS, O_CIPHERS and G_CIPHERS,
# then empty the lists that cannot be exercised with the current MODE and
# VERIFY settings. Reads FILTER, EXCLUDE, MODE, VERIFY, OPENSSL_CMD.
filter_ciphersuites()
{
    if [ -n "$FILTER" ] || [ -n "$EXCLUDE" ]; then
        M_CIPHERS=$( filter "$M_CIPHERS" )   # Ciphersuites for mbed TLS
        O_CIPHERS=$( filter "$O_CIPHERS" )   # Ciphersuites for OpenSSL
        G_CIPHERS=$( filter "$G_CIPHERS" )   # Ciphersuites for GnuTLS
    fi

    # OpenSSL <1.0.2 doesn't support DTLS 1.2. Check what OpenSSL
    # supports from the s_server help. (The s_client help isn't
    # accurate as of 1.0.2g: it supports DTLS 1.2 but doesn't list it.
    # But the s_server help seems to be accurate.)
    $OPENSSL_CMD s_server -help 2>&1 | grep -q "^ *-$MODE " || {
        M_CIPHERS=""
        O_CIPHERS=""
    }

    # For GnuTLS client -> mbed TLS server,
    # we need to force IPv4 by connecting to 127.0.0.1 but then auth fails
    if [ "$VERIFY" = "YES" ] && is_dtls "$MODE"; then
        G_CIPHERS=""
    fi
}
245
# reset_ciphersuites
# Empty the three per-peer ciphersuite lists before a new mode/type is built.
reset_ciphersuites()
{
    M_CIPHERS='' O_CIPHERS='' G_CIPHERS=''
}
252
# Ciphersuites that can be used with all peers.
# Since we currently have three possible peers, each ciphersuite should appear
# three times: in each peer's list (with the name that this peer uses).
#
# add_common_ciphersuites
# Append the suites of key-exchange type TYPE that are usable in protocol
# MODE to M_CIPHERS (Mbed TLS names), G_CIPHERS (GnuTLS priority strings)
# and O_CIPHERS (OpenSSL names). NULL and RC4 suites are listed here but are
# removed again by the default EXCLUDE pattern, so they are only exercised
# when -e/--exclude is overridden.
# Globals read: TYPE, MODE. Globals written: M_CIPHERS, G_CIPHERS, O_CIPHERS.
add_common_ciphersuites()
{
    case $TYPE in

        "ECDSA")
            # minor_ver > 0: everything except ssl3 (and unknown modes, -1)
            if [ `minor_ver "$MODE"` -gt 0 ]
            then
                M_CIPHERS="$M_CIPHERS                       \
                    TLS-ECDHE-ECDSA-WITH-NULL-SHA           \
                    TLS-ECDHE-ECDSA-WITH-RC4-128-SHA        \
                    TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA   \
                    TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA    \
                    TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA    \
                    "
                G_CIPHERS="$G_CIPHERS                       \
                    +ECDHE-ECDSA:+NULL:+SHA1                \
                    +ECDHE-ECDSA:+ARCFOUR-128:+SHA1         \
                    +ECDHE-ECDSA:+3DES-CBC:+SHA1            \
                    +ECDHE-ECDSA:+AES-128-CBC:+SHA1         \
                    +ECDHE-ECDSA:+AES-256-CBC:+SHA1         \
                    "
                O_CIPHERS="$O_CIPHERS               \
                    ECDHE-ECDSA-NULL-SHA            \
                    ECDHE-ECDSA-RC4-SHA             \
                    ECDHE-ECDSA-DES-CBC3-SHA        \
                    ECDHE-ECDSA-AES128-SHA          \
                    ECDHE-ECDSA-AES256-SHA          \
                    "
            fi
            # minor_ver >= 3: TLS 1.2 / DTLS 1.2 only (SHA-2 and GCM suites)
            if [ `minor_ver "$MODE"` -ge 3 ]
            then
                M_CIPHERS="$M_CIPHERS                               \
                    TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256         \
                    TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384         \
                    TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256         \
                    TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384         \
                    "
                G_CIPHERS="$G_CIPHERS                               \
                    +ECDHE-ECDSA:+AES-128-CBC:+SHA256               \
                    +ECDHE-ECDSA:+AES-256-CBC:+SHA384               \
                    +ECDHE-ECDSA:+AES-128-GCM:+AEAD                 \
                    +ECDHE-ECDSA:+AES-256-GCM:+AEAD                 \
                    "
                O_CIPHERS="$O_CIPHERS               \
                    ECDHE-ECDSA-AES128-SHA256       \
                    ECDHE-ECDSA-AES256-SHA384       \
                    ECDHE-ECDSA-AES128-GCM-SHA256   \
                    ECDHE-ECDSA-AES256-GCM-SHA384   \
                    "
            fi
            ;;

        "RSA")
            # RSA and DHE-RSA suites are available in every mode
            M_CIPHERS="$M_CIPHERS                       \
                TLS-DHE-RSA-WITH-AES-128-CBC-SHA        \
                TLS-DHE-RSA-WITH-AES-256-CBC-SHA        \
                TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA   \
                TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA   \
                TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA       \
                TLS-RSA-WITH-AES-256-CBC-SHA            \
                TLS-RSA-WITH-CAMELLIA-256-CBC-SHA       \
                TLS-RSA-WITH-AES-128-CBC-SHA            \
                TLS-RSA-WITH-CAMELLIA-128-CBC-SHA       \
                TLS-RSA-WITH-3DES-EDE-CBC-SHA           \
                TLS-RSA-WITH-RC4-128-SHA                \
                TLS-RSA-WITH-RC4-128-MD5                \
                TLS-RSA-WITH-NULL-MD5                   \
                TLS-RSA-WITH-NULL-SHA                   \
                "
            G_CIPHERS="$G_CIPHERS                       \
                +DHE-RSA:+AES-128-CBC:+SHA1             \
                +DHE-RSA:+AES-256-CBC:+SHA1             \
                +DHE-RSA:+CAMELLIA-128-CBC:+SHA1        \
                +DHE-RSA:+CAMELLIA-256-CBC:+SHA1        \
                +DHE-RSA:+3DES-CBC:+SHA1                \
                +RSA:+AES-256-CBC:+SHA1                 \
                +RSA:+CAMELLIA-256-CBC:+SHA1            \
                +RSA:+AES-128-CBC:+SHA1                 \
                +RSA:+CAMELLIA-128-CBC:+SHA1            \
                +RSA:+3DES-CBC:+SHA1                    \
                +RSA:+ARCFOUR-128:+SHA1                 \
                +RSA:+ARCFOUR-128:+MD5                  \
                +RSA:+NULL:+MD5                         \
                +RSA:+NULL:+SHA1                        \
                "
            O_CIPHERS="$O_CIPHERS               \
                DHE-RSA-AES128-SHA              \
                DHE-RSA-AES256-SHA              \
                DHE-RSA-CAMELLIA128-SHA         \
                DHE-RSA-CAMELLIA256-SHA         \
                EDH-RSA-DES-CBC3-SHA            \
                AES256-SHA                      \
                CAMELLIA256-SHA                 \
                AES128-SHA                      \
                CAMELLIA128-SHA                 \
                DES-CBC3-SHA                    \
                RC4-SHA                         \
                RC4-MD5                         \
                NULL-MD5                        \
                NULL-SHA                        \
                "
            # minor_ver > 0: everything except ssl3 (and unknown modes, -1)
            if [ `minor_ver "$MODE"` -gt 0 ]
            then
                M_CIPHERS="$M_CIPHERS                       \
                    TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA      \
                    TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA      \
                    TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA     \
                    TLS-ECDHE-RSA-WITH-RC4-128-SHA          \
                    TLS-ECDHE-RSA-WITH-NULL-SHA             \
                    "
                G_CIPHERS="$G_CIPHERS                       \
                    +ECDHE-RSA:+AES-128-CBC:+SHA1           \
                    +ECDHE-RSA:+AES-256-CBC:+SHA1           \
                    +ECDHE-RSA:+3DES-CBC:+SHA1              \
                    +ECDHE-RSA:+ARCFOUR-128:+SHA1           \
                    +ECDHE-RSA:+NULL:+SHA1                  \
                    "
                O_CIPHERS="$O_CIPHERS               \
                    ECDHE-RSA-AES256-SHA            \
                    ECDHE-RSA-AES128-SHA            \
                    ECDHE-RSA-DES-CBC3-SHA          \
                    ECDHE-RSA-RC4-SHA               \
                    ECDHE-RSA-NULL-SHA              \
                    "
            fi
            # minor_ver >= 3: TLS 1.2 / DTLS 1.2 only (SHA-2 and GCM suites)
            if [ `minor_ver "$MODE"` -ge 3 ]
            then
                M_CIPHERS="$M_CIPHERS                       \
                    TLS-RSA-WITH-AES-128-CBC-SHA256         \
                    TLS-DHE-RSA-WITH-AES-128-CBC-SHA256     \
                    TLS-RSA-WITH-AES-256-CBC-SHA256         \
                    TLS-DHE-RSA-WITH-AES-256-CBC-SHA256     \
                    TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256   \
                    TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384   \
                    TLS-RSA-WITH-AES-128-GCM-SHA256         \
                    TLS-RSA-WITH-AES-256-GCM-SHA384         \
                    TLS-DHE-RSA-WITH-AES-128-GCM-SHA256     \
                    TLS-DHE-RSA-WITH-AES-256-GCM-SHA384     \
                    TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256   \
                    TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384   \
                    "
                G_CIPHERS="$G_CIPHERS                       \
                    +RSA:+AES-128-CBC:+SHA256               \
                    +DHE-RSA:+AES-128-CBC:+SHA256           \
                    +RSA:+AES-256-CBC:+SHA256               \
                    +DHE-RSA:+AES-256-CBC:+SHA256           \
                    +ECDHE-RSA:+AES-128-CBC:+SHA256         \
                    +ECDHE-RSA:+AES-256-CBC:+SHA384         \
                    +RSA:+AES-128-GCM:+AEAD                 \
                    +RSA:+AES-256-GCM:+AEAD                 \
                    +DHE-RSA:+AES-128-GCM:+AEAD             \
                    +DHE-RSA:+AES-256-GCM:+AEAD             \
                    +ECDHE-RSA:+AES-128-GCM:+AEAD           \
                    +ECDHE-RSA:+AES-256-GCM:+AEAD           \
                    "
                # NOTE(review): NULL-SHA256 has no Mbed TLS/GnuTLS counterpart
                # in this function (it is added in the GnuTLS-only section)
                O_CIPHERS="$O_CIPHERS           \
                    NULL-SHA256                 \
                    AES128-SHA256               \
                    DHE-RSA-AES128-SHA256       \
                    AES256-SHA256               \
                    DHE-RSA-AES256-SHA256       \
                    ECDHE-RSA-AES128-SHA256     \
                    ECDHE-RSA-AES256-SHA384     \
                    AES128-GCM-SHA256           \
                    DHE-RSA-AES128-GCM-SHA256   \
                    AES256-GCM-SHA384           \
                    DHE-RSA-AES256-GCM-SHA384   \
                    ECDHE-RSA-AES128-GCM-SHA256 \
                    ECDHE-RSA-AES256-GCM-SHA384 \
                    "
            fi
            ;;

        "PSK")
            # plain PSK suites are available in every mode
            M_CIPHERS="$M_CIPHERS                       \
                TLS-PSK-WITH-RC4-128-SHA                \
                TLS-PSK-WITH-3DES-EDE-CBC-SHA           \
                TLS-PSK-WITH-AES-128-CBC-SHA            \
                TLS-PSK-WITH-AES-256-CBC-SHA            \
                "
            G_CIPHERS="$G_CIPHERS                       \
                +PSK:+ARCFOUR-128:+SHA1                 \
                +PSK:+3DES-CBC:+SHA1                    \
                +PSK:+AES-128-CBC:+SHA1                 \
                +PSK:+AES-256-CBC:+SHA1                 \
                "
            O_CIPHERS="$O_CIPHERS               \
                PSK-RC4-SHA                     \
                PSK-3DES-EDE-CBC-SHA            \
                PSK-AES128-CBC-SHA              \
                PSK-AES256-CBC-SHA              \
                "
            ;;
    esac
}
451
# Ciphersuites usable only with Mbed TLS and OpenSSL
# Each ciphersuite should appear two times, once with its OpenSSL name, once
# with its Mbed TLS name.
#
# NOTE: for some reason RSA-PSK doesn't work with OpenSSL,
# so RSA-PSK ciphersuites need to go in other sections, see
# https://github.com/ARMmbed/mbedtls/issues/1419
#
# ChachaPoly suites are here rather than in "common", as they were added in
# GnuTLS in 3.5.0 and the CI only has 3.4.x so far.
#
# add_openssl_ciphersuites
# Append the Mbed TLS/OpenSSL-only suites of key-exchange type TYPE usable in
# protocol MODE to M_CIPHERS and O_CIPHERS. The NULL, RC4, single-DES, ARIA
# and ChachaPoly suites listed here are removed again by the default EXCLUDE
# pattern and only run when -e/--exclude is overridden.
# Globals read: TYPE, MODE. Globals written: M_CIPHERS, O_CIPHERS.
add_openssl_ciphersuites()
{
    case $TYPE in

        "ECDSA")
            # minor_ver > 0: everything except ssl3 (and unknown modes, -1)
            if [ `minor_ver "$MODE"` -gt 0 ]
            then
                M_CIPHERS="$M_CIPHERS                       \
                    TLS-ECDH-ECDSA-WITH-NULL-SHA            \
                    TLS-ECDH-ECDSA-WITH-RC4-128-SHA         \
                    TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA    \
                    TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA     \
                    TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA     \
                    "
                O_CIPHERS="$O_CIPHERS               \
                    ECDH-ECDSA-NULL-SHA             \
                    ECDH-ECDSA-RC4-SHA              \
                    ECDH-ECDSA-DES-CBC3-SHA         \
                    ECDH-ECDSA-AES128-SHA           \
                    ECDH-ECDSA-AES256-SHA           \
                    "
            fi
            # minor_ver >= 3: TLS 1.2 / DTLS 1.2 only (SHA-2, GCM, AEAD suites)
            if [ `minor_ver "$MODE"` -ge 3 ]
            then
                M_CIPHERS="$M_CIPHERS                               \
                    TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256          \
                    TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384          \
                    TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256          \
                    TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384          \
                    TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384        \
                    TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256        \
                    TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256   \
                    "
                O_CIPHERS="$O_CIPHERS               \
                    ECDH-ECDSA-AES128-SHA256        \
                    ECDH-ECDSA-AES256-SHA384        \
                    ECDH-ECDSA-AES128-GCM-SHA256    \
                    ECDH-ECDSA-AES256-GCM-SHA384    \
                    ECDHE-ECDSA-ARIA256-GCM-SHA384  \
                    ECDHE-ECDSA-ARIA128-GCM-SHA256  \
                    ECDHE-ECDSA-CHACHA20-POLY1305   \
                    "
            fi
            ;;

        "RSA")
            # single-DES suites: matched by the default EXCLUDE ("DES")
            M_CIPHERS="$M_CIPHERS                       \
                TLS-RSA-WITH-DES-CBC-SHA                \
                TLS-DHE-RSA-WITH-DES-CBC-SHA            \
                "
            O_CIPHERS="$O_CIPHERS               \
                DES-CBC-SHA                     \
                EDH-RSA-DES-CBC-SHA             \
                "
            # minor_ver >= 3: TLS 1.2 / DTLS 1.2 only (AEAD suites)
            if [ `minor_ver "$MODE"` -ge 3 ]
            then
                M_CIPHERS="$M_CIPHERS                               \
                    TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384          \
                    TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384            \
                    TLS-RSA-WITH-ARIA-256-GCM-SHA384                \
                    TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256          \
                    TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256            \
                    TLS-RSA-WITH-ARIA-128-GCM-SHA256                \
                    TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256       \
                    TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256     \
                    "
                O_CIPHERS="$O_CIPHERS               \
                    ECDHE-ARIA256-GCM-SHA384        \
                    DHE-RSA-ARIA256-GCM-SHA384      \
                    ARIA256-GCM-SHA384              \
                    ECDHE-ARIA128-GCM-SHA256        \
                    DHE-RSA-ARIA128-GCM-SHA256      \
                    ARIA128-GCM-SHA256              \
                    DHE-RSA-CHACHA20-POLY1305       \
                    ECDHE-RSA-CHACHA20-POLY1305     \
                    "
            fi
            ;;

        "PSK")
            # minor_ver >= 3: TLS 1.2 / DTLS 1.2 only (AEAD suites)
            if [ `minor_ver "$MODE"` -ge 3 ]
            then
                M_CIPHERS="$M_CIPHERS                               \
                    TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384            \
                    TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256            \
                    TLS-PSK-WITH-ARIA-256-GCM-SHA384                \
                    TLS-PSK-WITH-ARIA-128-GCM-SHA256                \
                    TLS-PSK-WITH-CHACHA20-POLY1305-SHA256           \
                    TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256     \
                    TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256       \
                    "
                O_CIPHERS="$O_CIPHERS               \
                    DHE-PSK-ARIA256-GCM-SHA384      \
                    DHE-PSK-ARIA128-GCM-SHA256      \
                    PSK-ARIA256-GCM-SHA384          \
                    PSK-ARIA128-GCM-SHA256          \
                    DHE-PSK-CHACHA20-POLY1305       \
                    ECDHE-PSK-CHACHA20-POLY1305     \
                    PSK-CHACHA20-POLY1305           \
                    "
            fi
            ;;
    esac
}
566
567# Ciphersuites usable only with Mbed TLS and GnuTLS
568# Each ciphersuite should appear two times, once with its GnuTLS name, once
569# with its Mbed TLS name.
570add_gnutls_ciphersuites()
571{
572    case $TYPE in
573
574        "ECDSA")
575            if [ `minor_ver "$MODE"` -ge 3 ]
576            then
577                M_CIPHERS="$M_CIPHERS                               \
578                    TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256    \
579                    TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384    \
580                    TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256    \
581                    TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384    \
582                    TLS-ECDHE-ECDSA-WITH-AES-128-CCM                \
583                    TLS-ECDHE-ECDSA-WITH-AES-256-CCM                \
584                    TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8              \
585                    TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8              \
586                   "
587                G_CIPHERS="$G_CIPHERS                               \
588                    +ECDHE-ECDSA:+CAMELLIA-128-CBC:+SHA256          \
589                    +ECDHE-ECDSA:+CAMELLIA-256-CBC:+SHA384          \
590                    +ECDHE-ECDSA:+CAMELLIA-128-GCM:+AEAD            \
591                    +ECDHE-ECDSA:+CAMELLIA-256-GCM:+AEAD            \
592                    +ECDHE-ECDSA:+AES-128-CCM:+AEAD                 \
593                    +ECDHE-ECDSA:+AES-256-CCM:+AEAD                 \
594                    +ECDHE-ECDSA:+AES-128-CCM-8:+AEAD               \
595                    +ECDHE-ECDSA:+AES-256-CCM-8:+AEAD               \
596                   "
597            fi
598            ;;
599
600        "RSA")
601            if [ `minor_ver "$MODE"` -gt 0 ]
602            then
603                M_CIPHERS="$M_CIPHERS                           \
604                    TLS-RSA-WITH-NULL-SHA256                    \
605                    "
606                G_CIPHERS="$G_CIPHERS                           \
607                    +RSA:+NULL:+SHA256                          \
608                    "
609            fi
610            if [ `minor_ver "$MODE"` -ge 3 ]
611            then
612                M_CIPHERS="$M_CIPHERS                           \
613                    TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256  \
614                    TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384  \
615                    TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256        \
616                    TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256        \
617                    TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256    \
618                    TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256    \
619                    TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256  \
620                    TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384  \
621                    TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256    \
622                    TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384    \
623                    TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256        \
624                    TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384        \
625                    TLS-RSA-WITH-AES-128-CCM                    \
626                    TLS-RSA-WITH-AES-256-CCM                    \
627                    TLS-DHE-RSA-WITH-AES-128-CCM                \
628                    TLS-DHE-RSA-WITH-AES-256-CCM                \
629                    TLS-RSA-WITH-AES-128-CCM-8                  \
630                    TLS-RSA-WITH-AES-256-CCM-8                  \
631                    TLS-DHE-RSA-WITH-AES-128-CCM-8              \
632                    TLS-DHE-RSA-WITH-AES-256-CCM-8              \
633                    "
634                G_CIPHERS="$G_CIPHERS                           \
635                    +ECDHE-RSA:+CAMELLIA-128-CBC:+SHA256        \
636                    +ECDHE-RSA:+CAMELLIA-256-CBC:+SHA384        \
637                    +RSA:+CAMELLIA-128-CBC:+SHA256              \
638                    +RSA:+CAMELLIA-256-CBC:+SHA256              \
639                    +DHE-RSA:+CAMELLIA-128-CBC:+SHA256          \
640                    +DHE-RSA:+CAMELLIA-256-CBC:+SHA256          \
641                    +ECDHE-RSA:+CAMELLIA-128-GCM:+AEAD          \
642                    +ECDHE-RSA:+CAMELLIA-256-GCM:+AEAD          \
643                    +DHE-RSA:+CAMELLIA-128-GCM:+AEAD            \
644                    +DHE-RSA:+CAMELLIA-256-GCM:+AEAD            \
645                    +RSA:+CAMELLIA-128-GCM:+AEAD                \
646                    +RSA:+CAMELLIA-256-GCM:+AEAD                \
647                    +RSA:+AES-128-CCM:+AEAD                     \
648                    +RSA:+AES-256-CCM:+AEAD                     \
649                    +RSA:+AES-128-CCM-8:+AEAD                   \
650                    +RSA:+AES-256-CCM-8:+AEAD                   \
651                    +DHE-RSA:+AES-128-CCM:+AEAD                 \
652                    +DHE-RSA:+AES-256-CCM:+AEAD                 \
653                    +DHE-RSA:+AES-128-CCM-8:+AEAD               \
654                    +DHE-RSA:+AES-256-CCM-8:+AEAD               \
655                    "
656            fi
657            ;;
658
659        "PSK")
660            M_CIPHERS="$M_CIPHERS                               \
661                TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA               \
662                TLS-DHE-PSK-WITH-AES-128-CBC-SHA                \
663                TLS-DHE-PSK-WITH-AES-256-CBC-SHA                \
664                TLS-DHE-PSK-WITH-RC4-128-SHA                    \
665                "
666            G_CIPHERS="$G_CIPHERS                               \
667                +DHE-PSK:+3DES-CBC:+SHA1                        \
668                +DHE-PSK:+AES-128-CBC:+SHA1                     \
669                +DHE-PSK:+AES-256-CBC:+SHA1                     \
670                +DHE-PSK:+ARCFOUR-128:+SHA1                     \
671                "
672            if [ `minor_ver "$MODE"` -gt 0 ]
673            then
674                M_CIPHERS="$M_CIPHERS                           \
675                    TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA          \
676                    TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA          \
677                    TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA         \
678                    TLS-ECDHE-PSK-WITH-RC4-128-SHA              \
679                    TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA           \
680                    TLS-RSA-PSK-WITH-AES-256-CBC-SHA            \
681                    TLS-RSA-PSK-WITH-AES-128-CBC-SHA            \
682                    TLS-RSA-PSK-WITH-RC4-128-SHA                \
683                    "
684                G_CIPHERS="$G_CIPHERS                           \
685                    +ECDHE-PSK:+3DES-CBC:+SHA1                  \
686                    +ECDHE-PSK:+AES-128-CBC:+SHA1               \
687                    +ECDHE-PSK:+AES-256-CBC:+SHA1               \
688                    +ECDHE-PSK:+ARCFOUR-128:+SHA1               \
689                    +RSA-PSK:+3DES-CBC:+SHA1                    \
690                    +RSA-PSK:+AES-256-CBC:+SHA1                 \
691                    +RSA-PSK:+AES-128-CBC:+SHA1                 \
692                    +RSA-PSK:+ARCFOUR-128:+SHA1                 \
693                    "
694            fi
695            if [ `minor_ver "$MODE"` -ge 3 ]
696            then
697                M_CIPHERS="$M_CIPHERS                           \
698                    TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384       \
699                    TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384  \
700                    TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256       \
701                    TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256  \
702                    TLS-ECDHE-PSK-WITH-NULL-SHA384              \
703                    TLS-ECDHE-PSK-WITH-NULL-SHA256              \
704                    TLS-PSK-WITH-AES-128-CBC-SHA256             \
705                    TLS-PSK-WITH-AES-256-CBC-SHA384             \
706                    TLS-DHE-PSK-WITH-AES-128-CBC-SHA256         \
707                    TLS-DHE-PSK-WITH-AES-256-CBC-SHA384         \
708                    TLS-PSK-WITH-NULL-SHA256                    \
709                    TLS-PSK-WITH-NULL-SHA384                    \
710                    TLS-DHE-PSK-WITH-NULL-SHA256                \
711                    TLS-DHE-PSK-WITH-NULL-SHA384                \
712                    TLS-RSA-PSK-WITH-AES-256-CBC-SHA384         \
713                    TLS-RSA-PSK-WITH-AES-128-CBC-SHA256         \
714                    TLS-RSA-PSK-WITH-NULL-SHA256                \
715                    TLS-RSA-PSK-WITH-NULL-SHA384                \
716                    TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256    \
717                    TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384    \
718                    TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256        \
719                    TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384        \
720                    TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384    \
721                    TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256    \
722                    TLS-PSK-WITH-AES-128-GCM-SHA256             \
723                    TLS-PSK-WITH-AES-256-GCM-SHA384             \
724                    TLS-DHE-PSK-WITH-AES-128-GCM-SHA256         \
725                    TLS-DHE-PSK-WITH-AES-256-GCM-SHA384         \
726                    TLS-PSK-WITH-AES-128-CCM                    \
727                    TLS-PSK-WITH-AES-256-CCM                    \
728                    TLS-DHE-PSK-WITH-AES-128-CCM                \
729                    TLS-DHE-PSK-WITH-AES-256-CCM                \
730                    TLS-PSK-WITH-AES-128-CCM-8                  \
731                    TLS-PSK-WITH-AES-256-CCM-8                  \
732                    TLS-DHE-PSK-WITH-AES-128-CCM-8              \
733                    TLS-DHE-PSK-WITH-AES-256-CCM-8              \
734                    TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256    \
735                    TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384    \
736                    TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256        \
737                    TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384        \
738                    TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256    \
739                    TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384    \
740                    TLS-RSA-PSK-WITH-AES-256-GCM-SHA384         \
741                    TLS-RSA-PSK-WITH-AES-128-GCM-SHA256         \
742                    "
743                G_CIPHERS="$G_CIPHERS                           \
744                    +ECDHE-PSK:+AES-256-CBC:+SHA384             \
745                    +ECDHE-PSK:+CAMELLIA-256-CBC:+SHA384        \
746                    +ECDHE-PSK:+AES-128-CBC:+SHA256             \
747                    +ECDHE-PSK:+CAMELLIA-128-CBC:+SHA256        \
748                    +PSK:+AES-128-CBC:+SHA256                   \
749                    +PSK:+AES-256-CBC:+SHA384                   \
750                    +DHE-PSK:+AES-128-CBC:+SHA256               \
751                    +DHE-PSK:+AES-256-CBC:+SHA384               \
752                    +RSA-PSK:+AES-256-CBC:+SHA384               \
753                    +RSA-PSK:+AES-128-CBC:+SHA256               \
754                    +DHE-PSK:+CAMELLIA-128-CBC:+SHA256          \
755                    +DHE-PSK:+CAMELLIA-256-CBC:+SHA384          \
756                    +PSK:+CAMELLIA-128-CBC:+SHA256              \
757                    +PSK:+CAMELLIA-256-CBC:+SHA384              \
758                    +RSA-PSK:+CAMELLIA-256-CBC:+SHA384          \
759                    +RSA-PSK:+CAMELLIA-128-CBC:+SHA256          \
760                    +PSK:+AES-128-GCM:+AEAD                     \
761                    +PSK:+AES-256-GCM:+AEAD                     \
762                    +DHE-PSK:+AES-128-GCM:+AEAD                 \
763                    +DHE-PSK:+AES-256-GCM:+AEAD                 \
764                    +PSK:+AES-128-CCM:+AEAD                     \
765                    +PSK:+AES-256-CCM:+AEAD                     \
766                    +DHE-PSK:+AES-128-CCM:+AEAD                 \
767                    +DHE-PSK:+AES-256-CCM:+AEAD                 \
768                    +PSK:+AES-128-CCM-8:+AEAD                   \
769                    +PSK:+AES-256-CCM-8:+AEAD                   \
770                    +DHE-PSK:+AES-128-CCM-8:+AEAD               \
771                    +DHE-PSK:+AES-256-CCM-8:+AEAD               \
772                    +RSA-PSK:+CAMELLIA-128-GCM:+AEAD            \
773                    +RSA-PSK:+CAMELLIA-256-GCM:+AEAD            \
774                    +PSK:+CAMELLIA-128-GCM:+AEAD                \
775                    +PSK:+CAMELLIA-256-GCM:+AEAD                \
776                    +DHE-PSK:+CAMELLIA-128-GCM:+AEAD            \
777                    +DHE-PSK:+CAMELLIA-256-GCM:+AEAD            \
778                    +RSA-PSK:+AES-256-GCM:+AEAD                 \
779                    +RSA-PSK:+AES-128-GCM:+AEAD                 \
780                    +ECDHE-PSK:+NULL:+SHA384                    \
781                    +ECDHE-PSK:+NULL:+SHA256                    \
782                    +PSK:+NULL:+SHA256                          \
783                    +PSK:+NULL:+SHA384                          \
784                    +DHE-PSK:+NULL:+SHA256                      \
785                    +DHE-PSK:+NULL:+SHA384                      \
786                    +RSA-PSK:+NULL:+SHA256                      \
787                    +RSA-PSK:+NULL:+SHA384                      \
788                    "
789            fi
790            ;;
791    esac
792}
793
# Ciphersuites usable only with Mbed TLS (not currently supported by another
# peer usable in this script). This provides only very rudimentary testing, as
# this is not interop testing, but it's better than nothing.
#
# Reads:   TYPE (ECDSA / RSA / PSK), MODE (through minor_ver)
# Appends: M_CIPHERS (the Mbed TLS side only; no O_/G_ list is touched)
add_mbedtls_ciphersuites()
{
    case "$TYPE" in

        "ECDSA")
            # Camellia-CBC needs TLS 1.x or later
            if [ "$(minor_ver "$MODE")" -gt 0 ]; then
                M_CIPHERS="$M_CIPHERS                               \
                    TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256     \
                    TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384     \
                    "
            fi
            # GCM, SHA-2 CBC and ARIA suites need TLS 1.2
            if [ "$(minor_ver "$MODE")" -ge 3 ]; then
                M_CIPHERS="$M_CIPHERS                               \
                    TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256     \
                    TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384     \
                    TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384        \
                    TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256        \
                    TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384         \
                    TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256         \
                    TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384         \
                    TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256         \
                    "
            fi
            ;;

        "RSA")
            # ARIA suites are TLS 1.2 only
            if [ "$(minor_ver "$MODE")" -ge 3 ]; then
                M_CIPHERS="$M_CIPHERS                               \
                    TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384          \
                    TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384            \
                    TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256          \
                    TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256            \
                    TLS-RSA-WITH-ARIA-256-CBC-SHA384                \
                    TLS-RSA-WITH-ARIA-128-CBC-SHA256                \
                    "
            fi
            ;;

        "PSK")
            # *PSK-NULL-SHA suites supported by GnuTLS 3.3.5 but not 3.2.15,
            # so they are tested here against Mbed TLS itself for every mode
            M_CIPHERS="$M_CIPHERS                        \
                TLS-PSK-WITH-NULL-SHA                    \
                TLS-DHE-PSK-WITH-NULL-SHA                \
                "
            if [ "$(minor_ver "$MODE")" -gt 0 ]; then
                M_CIPHERS="$M_CIPHERS                    \
                    TLS-ECDHE-PSK-WITH-NULL-SHA          \
                    TLS-RSA-PSK-WITH-NULL-SHA            \
                    "
            fi
            # ARIA and ChaCha20-Poly1305 suites are TLS 1.2 only
            if [ "$(minor_ver "$MODE")" -ge 3 ]; then
                M_CIPHERS="$M_CIPHERS                               \
                    TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384            \
                    TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256            \
                    TLS-PSK-WITH-ARIA-256-CBC-SHA384                \
                    TLS-PSK-WITH-ARIA-128-CBC-SHA256                \
                    TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384            \
                    TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256            \
                    TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384          \
                    TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256          \
                    TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384            \
                    TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256            \
                    TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256       \
                    "
            fi
            ;;
    esac
}
870
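# setup_arguments
#
# Build the command lines for every peer from the current MODE, TYPE, VERIFY
# and PORT. Reads GNUTLS_MINOR_LT_FOUR and OPENSSL_CMD; sets G_MODE,
# G_PRIO_MODE, G_PRIO_CCM, M_/O_/G_SERVER_ARGS, G_SERVER_PRIO and
# M_/O_/G_CLIENT_ARGS. Exits 1 on an unknown MODE.
#
# The Mbed TLS server binds 0.0.0.0 while the clients connect to localhost,
# so for the duration of a test the server (with NULL ciphersuites and a
# fixed test PSK enabled) is reachable from the network, not just locally.
# With VERIFY != YES certificate verification is deliberately disabled on
# both sides (auth_mode=none, --insecure): these are interop tests, not
# trust tests.
setup_arguments()
{
    G_MODE=""
    case "$MODE" in
        "ssl3")
            G_PRIO_MODE="+VERS-SSL3.0"
            ;;
        "tls1")
            G_PRIO_MODE="+VERS-TLS1.0"
            ;;
        "tls1_1")
            G_PRIO_MODE="+VERS-TLS1.1"
            ;;
        "tls12")
            G_PRIO_MODE="+VERS-TLS1.2"
            ;;
        "dtls1")
            G_PRIO_MODE="+VERS-DTLS1.0"
            G_MODE="-u"
            ;;
        "dtls12")
            G_PRIO_MODE="+VERS-DTLS1.2"
            G_MODE="-u"
            ;;
        *)
            echo "error: invalid mode: $MODE" >&2
            exit 1
            ;;
    esac

    # GnuTLS < 3.4 will choke if we try to allow CCM-8
    if [ -z "${GNUTLS_MINOR_LT_FOUR-}" ]; then
        G_PRIO_CCM="+AES-256-CCM-8:+AES-128-CCM-8:"
    else
        G_PRIO_CCM=""
    fi

    M_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE arc4=1"
    O_SERVER_ARGS="-accept $PORT -cipher NULL,ALL -$MODE"
    G_SERVER_ARGS="-p $PORT --http $G_MODE"
    G_SERVER_PRIO="NORMAL:${G_PRIO_CCM}+ARCFOUR-128:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+SHA256:+SHA384:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE"

    # The default prime for `openssl s_server` depends on the version:
    # * OpenSSL <= 1.0.2a: 512-bit
    # * OpenSSL 1.0.2b to 1.1.1b: 1024-bit
    # * OpenSSL >= 1.1.1c: 2048-bit
    # Mbed TLS wants >=1024, so force that for older versions. Don't force
    # it for newer versions, which reject a 1024-bit prime. Indifferently
    # force it or not for intermediate versions.
    #
    # This probe runs for every peer, but OPENSSL_CMD is only checked for
    # existence when OpenSSL is among the peers, so silence the shell's
    # "not found" message when it is absent; the case then simply matches
    # nothing.
    case $($OPENSSL_CMD version 2>/dev/null) in
        "OpenSSL 1.0"*)
            O_SERVER_ARGS="$O_SERVER_ARGS -dhparam data_files/dhparams.pem"
            ;;
    esac

    # with OpenSSL 1.0.1h, -www, -WWW and -HTTP break DTLS handshakes
    if ! is_dtls "$MODE"; then
        O_SERVER_ARGS="$O_SERVER_ARGS -www"
    fi

    M_CLIENT_ARGS="server_port=$PORT server_addr=127.0.0.1 force_version=$MODE"
    O_CLIENT_ARGS="-connect localhost:$PORT -$MODE"
    G_CLIENT_ARGS="-p $PORT --debug 3 $G_MODE"
    G_CLIENT_PRIO="NONE:$G_PRIO_MODE:+COMP-NULL:+CURVE-ALL:+SIGN-ALL"

    if [ "X$VERIFY" = "XYES" ]; then
        # mutual authentication: both sides verify against the test CA and
        # the server requires a client certificate
        M_SERVER_ARGS="$M_SERVER_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required"
        O_SERVER_ARGS="$O_SERVER_ARGS -CAfile data_files/test-ca_cat12.crt -Verify 10"
        G_SERVER_ARGS="$G_SERVER_ARGS --x509cafile data_files/test-ca_cat12.crt --require-client-cert"

        M_CLIENT_ARGS="$M_CLIENT_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required"
        O_CLIENT_ARGS="$O_CLIENT_ARGS -CAfile data_files/test-ca_cat12.crt -verify 10"
        G_CLIENT_ARGS="$G_CLIENT_ARGS --x509cafile data_files/test-ca_cat12.crt"
    else
        # don't request a client cert at all, and don't verify the server's
        # cert on the client side either (OpenSSL's s_client is already
        # non-verifying by default, so it gets no extra option)
        M_SERVER_ARGS="$M_SERVER_ARGS ca_file=none auth_mode=none"
        G_SERVER_ARGS="$G_SERVER_ARGS --disable-client-cert"

        M_CLIENT_ARGS="$M_CLIENT_ARGS ca_file=none auth_mode=none"
        G_CLIENT_ARGS="$G_CLIENT_ARGS --insecure"
    fi

    case "$TYPE" in
        "ECDSA")
            M_SERVER_ARGS="$M_SERVER_ARGS crt_file=data_files/server5.crt key_file=data_files/server5.key"
            O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server5.crt -key data_files/server5.key"
            G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key"

            if [ "X$VERIFY" = "XYES" ]; then
                M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=data_files/server6.crt key_file=data_files/server6.key"
                O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server6.crt -key data_files/server6.key"
                G_CLIENT_ARGS="$G_CLIENT_ARGS --x509certfile data_files/server6.crt --x509keyfile data_files/server6.key"
            else
                M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=none key_file=none"
            fi
            ;;

        "RSA")
            M_SERVER_ARGS="$M_SERVER_ARGS crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key"
            O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server2-sha256.crt -key data_files/server2.key"
            G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key"

            if [ "X$VERIFY" = "XYES" ]; then
                M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=data_files/cert_sha256.crt key_file=data_files/server1.key"
                O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/cert_sha256.crt -key data_files/server1.key"
                G_CLIENT_ARGS="$G_CLIENT_ARGS --x509certfile data_files/cert_sha256.crt --x509keyfile data_files/server1.key"
            else
                M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=none key_file=none"
            fi
            ;;

        "PSK")
            # give RSA-PSK-capable server a RSA cert
            # (should be a separate type, but harder to close with openssl)
            #
            # The PSK is a fixed test value (hex of "abcdefghijklmnop"); the
            # GnuTLS server reads it from data_files/passwd.psk instead,
            # which presumably holds the same key for Client_identity.
            M_SERVER_ARGS="$M_SERVER_ARGS psk=6162636465666768696a6b6c6d6e6f70 ca_file=none crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key"
            O_SERVER_ARGS="$O_SERVER_ARGS -psk 6162636465666768696a6b6c6d6e6f70 -nocert"
            G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --pskpasswd data_files/passwd.psk"

            M_CLIENT_ARGS="$M_CLIENT_ARGS psk=6162636465666768696a6b6c6d6e6f70 crt_file=none key_file=none"
            O_CLIENT_ARGS="$O_CLIENT_ARGS -psk 6162636465666768696a6b6c6d6e6f70"
            G_CLIENT_ARGS="$G_CLIENT_ARGS --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70"
            ;;
    esac
}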
998
# is_mbedtls <cmd_line>
# True (0) when the command line runs one of the Mbed TLS test programs
# (ssl_server2 / ssl_client2, possibly wrapped in valgrind), false (1)
# for the OpenSSL and GnuTLS peers.
is_mbedtls() {
    case "$1" in
        *ssl_server2*|*ssl_client2*) return 0 ;;
        *) return 1 ;;
    esac
}
1003
# has_mem_err <log_file_name>
# Returns 0 (true) unless the valgrind summary in the log proves the run
# clean, i.e. unless BOTH the "no leaks" line and the "0 errors" line are
# present. A missing or truncated log therefore counts as having errors.
has_mem_err() {
    grep -q -F 'All heap blocks were freed -- no leaks are possible' "$1" &&
        grep -q -F 'ERROR SUMMARY: 0 errors from 0 contexts' "$1" &&
        return 1 # false: does not have errors
    return 0 # true: has errors
}
1014
# Wait for process $2 to be listening on port $1
#
# With lsof available, poll until the server process owns a socket on the
# port (UDP for DTLS modes, TCP otherwise) and give up after DOG_DELAY
# seconds, noting the timeout on stdout and in SRV_OUT. Without lsof, fall
# back to a fixed 2 s sleep. Reads MODE, DOG_DELAY and SRV_OUT; START_TIME
# and proto are globals (plain sh, no locals).
if type lsof >/dev/null 2>/dev/null; then
    wait_server_start() {
        START_TIME=$(date +%s)
        proto=TCP
        if is_dtls "$MODE"; then
            proto=UDP
        fi
        until lsof -a -n -b -i "$proto:$1" -p "$2" >/dev/null 2>/dev/null; do
            if [ $(( $(date +%s) - START_TIME )) -gt "$DOG_DELAY" ]; then
                echo "SERVERSTART TIMEOUT"
                echo "SERVERSTART TIMEOUT" >> "$SRV_OUT"
                break
            fi
            # Linux and *BSD support decimal arguments to sleep. On other
            # OSes this may be a tight loop.
            sleep 0.1 2>/dev/null || true
        done
    }
else
    echo "Warning: lsof not available, wait_server_start = sleep"
    wait_server_start() {
        sleep 2
    }
fi
1041
1042
# start_server <name>
# also saves name and command
#
# <name> selects the peer by prefix (Open*/open*, Gnu*/gnu*, mbed*); any
# other name is fatal. Sets SERVER_CMD, SERVER_NAME and PROCESS_ID, logs
# the command, truncates SRV_OUT with it and runs the server in the
# background with a trivial line fed to its stdin every second. The
# command string is word-split by the shell when run, so none of the
# argument values may contain whitespace. Under MEMCHECK the Mbed TLS
# server runs under valgrind so stop_server can inspect its summary.
start_server() {
    SERVER_NAME=$1
    case "$SERVER_NAME" in
        [Oo]pen*)
            SERVER_CMD="$OPENSSL_CMD s_server $O_SERVER_ARGS"
            ;;
        [Gg]nu*)
            SERVER_CMD="$GNUTLS_SERV $G_SERVER_ARGS --priority $G_SERVER_PRIO"
            ;;
        mbed*)
            if [ "$MEMCHECK" -gt 0 ]; then
                SERVER_CMD="valgrind --leak-check=full $M_SRV $M_SERVER_ARGS"
            else
                SERVER_CMD="$M_SRV $M_SERVER_ARGS"
            fi
            ;;
        *)
            echo "error: invalid server name: $1" >&2
            exit 1
            ;;
    esac

    log "$SERVER_CMD"
    echo "$SERVER_CMD" > "$SRV_OUT"
    # for servers without -www or equivalent
    while :; do echo bla; sleep 1; done | $SERVER_CMD >> "$SRV_OUT" 2>&1 &
    PROCESS_ID=$!

    wait_server_start "$PORT" "$PROCESS_ID"
}
1074
# terminate the running server
#
# Kills and reaps PROCESS_ID, then, under MEMCHECK and only for an Mbed TLS
# server, inspects the valgrind summary in SRV_OUT: on errors it reports,
# bumps SRVMEM and keeps the log (run_client copies it); otherwise the log
# is removed.
stop_server() {
    kill "$PROCESS_ID" 2>/dev/null
    wait "$PROCESS_ID" 2>/dev/null

    if [ "$MEMCHECK" -gt 0 ] && is_mbedtls "$SERVER_CMD" && has_mem_err "$SRV_OUT"
    then
        echo "  ! Server had memory errors"
        SRVMEM=$(( SRVMEM + 1 ))
        return
    fi

    rm -f "$SRV_OUT"
}
1090
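# kill the running server (used when killed by signal)
#
# Installed as the INT/TERM/HUP handler. Removes the intermediate logs,
# kills the server and the client watchdog if they exist, and exits 1.
# The script runs under `set -u`, and a signal can arrive before the first
# server or client has been started, so the PIDs are expanded with a
# default: an unset PID must not abort the handler halfway through.
cleanup() {
    rm -f "$SRV_OUT" "$CLI_OUT"
    kill "${PROCESS_ID-}" >/dev/null 2>&1
    kill "${WATCHDOG_PID-}" >/dev/null 2>&1
    exit 1
}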
1098
# wait for client to terminate and set EXIT
# must be called right after starting the client
#
# The first statement captures $! of the client, so nothing may run before
# it. A watchdog subshell kills the client after DOG_DELAY seconds and
# records TIMEOUT in CLI_OUT; once the client is reaped the watchdog is
# stopped and reaped in turn. Sets CLI_PID, WATCHDOG_PID and EXIT (the
# client's exit status), and appends "EXIT: <status>" to CLI_OUT.
wait_client_done() {
    CLI_PID=$!

    ( sleep "$DOG_DELAY"; printf 'TIMEOUT\n' >> "$CLI_OUT"; kill "$CLI_PID" ) &
    WATCHDOG_PID=$!

    wait "$CLI_PID"
    EXIT=$?

    # the client is done, so the watchdog must not fire any more
    kill "$WATCHDOG_PID"
    wait "$WATCHDOG_PID"

    printf 'EXIT: %s\n' "$EXIT" >> "$CLI_OUT"
}
1115
# run_client <name> <cipher>
#
# Run one client (OpenSSL, GnuTLS or Mbed TLS, chosen by the prefix of
# <name>) against the server started by start_server, restricted to the
# single ciphersuite <cipher>, and print one PASS / SKIP / FAIL line.
#
# Reads:   SERVER_NAME, MODE, VERIFY, SKIP_NEXT, MEMCHECK, CLI_OUT, SRV_OUT,
#          O_/G_/M_CLIENT_ARGS, G_PRIO_MODE, OPENSSL_CMD, GNUTLS_CLI, M_CLI,
#          LOG_FAILURE_ON_STDOUT (environment knob, default 0)
# Writes:  TESTS, SKIPPED, FAILED (counters), SKIP_NEXT (reset to NO),
#          CLIENT_CMD, RESULT, TITLE, LEN, VERIF, G_HOST, i, and EXIT via
#          wait_client_done
# Outputs: the progress line on stdout; on failure the server and client
#          logs are copied to c-srv-<n>.log / c-cli-<n>.log in the cwd
# RESULT:  0 = PASS, 1 = SKIP (ciphersuite not negotiable on one side),
#          2 = FAIL (including valgrind errors when MEMCHECK > 0)
run_client() {
    # announce what we're going to do
    TESTS=$(( $TESTS + 1 ))
    VERIF=$(echo $VERIFY | tr '[:upper:]' '[:lower:]')
    # e.g. "m->O tls12,no TLS-...": first letter of client and server names
    TITLE="`echo $1 | head -c1`->`echo $SERVER_NAME | head -c1`"
    TITLE="$TITLE $MODE,$VERIF $2"
    printf "%s " "$TITLE"
    # pad with dots up to column 72 (GNU seq yields no iterations for
    # LEN < 1, so an over-long title is simply not padded).
    # NOTE(review): this reuses the global loop variable `i` of the main
    # loop (`for i in $M_CIPHERS; do ... run_client mbedTLS $i`); harmless
    # only because that loop's word list is expanded once up front and the
    # caller reads $i before calling us.
    LEN=$(( 72 - `echo "$TITLE" | wc -c` ))
    for i in `seq 1 $LEN`; do printf '.'; done; printf ' '

    # should we skip?
    # SKIP_NEXT is set elsewhere (see check_openssl_server_bug in the main
    # loop) to skip one test; it is consumed and reset here.
    if [ "X$SKIP_NEXT" = "XYES" ]; then
        SKIP_NEXT="NO"
        echo "SKIP"
        SKIPPED=$(( $SKIPPED + 1 ))
        return
    fi

    # run the command and interpret result
    # Each branch builds CLIENT_CMD, logs it, truncates CLI_OUT with it,
    # runs the client in the background and hands over to wait_client_done
    # (which must be the very next statement, as it reads $!).
    case $1 in
        [Oo]pen*)
            CLIENT_CMD="$OPENSSL_CMD s_client $O_CLIENT_ARGS -cipher $2"
            log "$CLIENT_CMD"
            echo "$CLIENT_CMD" > $CLI_OUT
            printf 'GET HTTP/1.0\r\n\r\n' | $CLIENT_CMD >> $CLI_OUT 2>&1 &
            wait_client_done

            if [ $EXIT -eq 0 ]; then
                RESULT=0
            else
                # If the cipher isn't supported...
                # (s_client reports "Cipher is (NONE)" when nothing was
                # negotiated; any other failure is a real error)
                if grep 'Cipher is (NONE)' $CLI_OUT >/dev/null; then
                    RESULT=1
                else
                    RESULT=2
                fi
            fi
            ;;

        [Gg]nu*)
            # need to force IPv4 with UDP, but keep localhost for auth
            if is_dtls "$MODE"; then
                G_HOST="127.0.0.1"
            else
                G_HOST="localhost"
            fi
            CLIENT_CMD="$GNUTLS_CLI $G_CLIENT_ARGS --priority $G_PRIO_MODE:$2 $G_HOST"
            log "$CLIENT_CMD"
            echo "$CLIENT_CMD" > $CLI_OUT
            printf 'GET HTTP/1.0\r\n\r\n' | $CLIENT_CMD >> $CLI_OUT 2>&1 &
            wait_client_done

            if [ $EXIT -eq 0 ]; then
                RESULT=0
            else
                RESULT=2
                # interpret early failure, with a handshake_failure alert
                # before the server hello, as "no ciphersuite in common"
                # (the trailing >/dev/null applies to the whole if, so both
                # greps are silent)
                if grep -F 'Received alert [40]: Handshake failed' $CLI_OUT; then
                    if grep -i 'SERVER HELLO .* was received' $CLI_OUT; then :
                    else
                        RESULT=1
                    fi
                fi >/dev/null
            fi
            ;;

        mbed*)
            CLIENT_CMD="$M_CLI $M_CLIENT_ARGS force_ciphersuite=$2"
            if [ "$MEMCHECK" -gt 0 ]; then
                CLIENT_CMD="valgrind --leak-check=full $CLIENT_CMD"
            fi
            log "$CLIENT_CMD"
            echo "$CLIENT_CMD" > $CLI_OUT
            $CLIENT_CMD >> $CLI_OUT 2>&1 &
            wait_client_done

            # ssl_client2's exit status is mapped directly to RESULT
            case $EXIT in
                # Success
                "0")    RESULT=0    ;;

                # Ciphersuite not supported
                "2")    RESULT=1    ;;

                # Error
                *)      RESULT=2    ;;
            esac

            # a clean handshake still fails if valgrind found anything
            if [ "$MEMCHECK" -gt 0 ]; then
                if is_mbedtls "$CLIENT_CMD" && has_mem_err $CLI_OUT; then
                    RESULT=2
                fi
            fi

            ;;

        *)
            echo "error: invalid client name: $1" >&2
            exit 1
            ;;
    esac

    # NOTE(review): wait_client_done already appended this same line, so a
    # saved client log carries "EXIT: n" twice.
    echo "EXIT: $EXIT" >> $CLI_OUT

    # report and count result
    case $RESULT in
        "0")
            echo PASS
            ;;
        "1")
            echo SKIP
            SKIPPED=$(( $SKIPPED + 1 ))
            ;;
        "2")
            echo FAIL
            # keep both logs under a per-test name (TESTS is the running
            # test number) for post-mortem; SRV_OUT itself is left alone
            # since the server is still running for the next ciphersuite
            cp $SRV_OUT c-srv-${TESTS}.log
            cp $CLI_OUT c-cli-${TESTS}.log
            echo "  ! outputs saved to c-srv-${TESTS}.log, c-cli-${TESTS}.log"

            # LOG_FAILURE_ON_STDOUT=1 (e.g. in CI) also dumps both logs inline
            if [ "${LOG_FAILURE_ON_STDOUT:-0}" != 0 ]; then
                echo "  ! server output:"
                cat c-srv-${TESTS}.log
                echo "  ! ==================================================="
                echo "  ! client output:"
                cat c-cli-${TESTS}.log
            fi

            FAILED=$(( $FAILED + 1 ))
            ;;
    esac

    rm -f $CLI_OUT
}
1250
1251#
1252# MAIN
1253#
1254
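# Run from the script's own directory so the relative paths used above
# (../programs/ssl/..., data_files/...) resolve. Both expansions are quoted:
# unquoted, a checkout path containing whitespace is word-split and the cd
# silently goes somewhere else (or fails).
if cd "$( dirname "$0" )"; then :; else
    echo "cd $( dirname "$0" ) failed" >&2
    exit 1
fi

# parse the command line (defined earlier in this file); the variables read
# below (PEERS, MODES, TYPES, VERIFIES, MEMCHECK, OSSL_NO_DTLS) are expected
# to be set by it
get_options "$@"

# sanity checks, avoid an avalanche of errors
if [ ! -x "$M_SRV" ]; then
    echo "Command '$M_SRV' is not an executable file" >&2
    exit 1
fi
if [ ! -x "$M_CLI" ]; then
    echo "Command '$M_CLI' is not an executable file" >&2
    exit 1
fi

# the external peers are only required when actually requested;
# `command -v` is the portable way to probe for them
if echo "$PEERS" | grep -i openssl > /dev/null; then
    if command -v "$OPENSSL_CMD" >/dev/null 2>&1; then :; else
        echo "Command '$OPENSSL_CMD' not found" >&2
        exit 1
    fi
fi

if echo "$PEERS" | grep -i gnutls > /dev/null; then
    for CMD in "$GNUTLS_CLI" "$GNUTLS_SERV"; do
        if command -v "$CMD" >/dev/null 2>&1; then :; else
            echo "Command '$CMD' not found" >&2
            exit 1
        fi
    done
fi

# PEERS is a whitespace-separated list, hence deliberately unquoted
for PEER in $PEERS; do
    case "$PEER" in
        mbed*|[Oo]pen*|[Gg]nu*)
            ;;
        *)
            echo "Unknown peers: $PEER" >&2
            exit 1
            ;;
    esac
done

# Pick a "unique" port in the range 10000-19999: a leading 1 followed by
# the last four digits of our PID (zero-padded), so concurrent runs on the
# same host are unlikely to collide.
PORT="0000$$"
PORT="1$(echo "$PORT" | tail -c 5)"

# Also pick a unique name for intermediate files (created in the current
# directory, i.e. the tests directory after the cd above)
SRV_OUT="srv_out.$$"
CLI_OUT="cli_out.$$"

# client timeout delay: be more patient with valgrind
if [ "$MEMCHECK" -gt 0 ]; then
    DOG_DELAY=30
else
    DOG_DELAY=10
fi

SKIP_NEXT="NO"

# SRV_OUT and CLI_OUT are assigned above, before the handler is installed,
# so cleanup can always remove them
trap cleanup INT TERM HUP

# VERIFIES, MODES, TYPES and PEERS are whitespace-separated lists,
# hence deliberately unquoted
for VERIFY in $VERIFIES; do
    for MODE in $MODES; do
        for TYPE in $TYPES; do
            for PEER in $PEERS; do

                setup_arguments

                case "$PEER" in

                    [Oo]pen*)

                        # skip DTLS against an OpenSSL build that cannot do it
                        if test "$OSSL_NO_DTLS" -gt 0 && is_dtls "$MODE"; then
                            continue
                        fi

                        reset_ciphersuites
                        add_common_ciphersuites
                        add_openssl_ciphersuites
                        filter_ciphersuites

                        # Mbed TLS client against OpenSSL server
                        if [ "X" != "X$M_CIPHERS" ]; then
                            start_server "OpenSSL"
                            for i in $M_CIPHERS; do
                                check_openssl_server_bug "$i"
                                run_client mbedTLS "$i"
                            done
                            stop_server
                        fi

                        # OpenSSL client against Mbed TLS server
                        if [ "X" != "X$O_CIPHERS" ]; then
                            start_server "mbedTLS"
                            for i in $O_CIPHERS; do
                                run_client OpenSSL "$i"
                            done
                            stop_server
                        fi

                        ;;

                    [Gg]nu*)

                        reset_ciphersuites
                        add_common_ciphersuites
                        add_gnutls_ciphersuites
                        filter_ciphersuites

                        # Mbed TLS client against GnuTLS server
                        if [ "X" != "X$M_CIPHERS" ]; then
                            start_server "GnuTLS"
                            for i in $M_CIPHERS; do
                                run_client mbedTLS "$i"
                            done
                            stop_server
                        fi

                        # GnuTLS client against Mbed TLS server
                        if [ "X" != "X$G_CIPHERS" ]; then
                            start_server "mbedTLS"
                            for i in $G_CIPHERS; do
                                run_client GnuTLS "$i"
                            done
                            stop_server
                        fi

                        ;;

                    mbed*)

                        # Mbed TLS against itself: every ciphersuite it
                        # supports, including those no other peer offers
                        reset_ciphersuites
                        add_common_ciphersuites
                        add_openssl_ciphersuites
                        add_gnutls_ciphersuites
                        add_mbedtls_ciphersuites
                        filter_ciphersuites

                        if [ "X" != "X$M_CIPHERS" ]; then
                            start_server "mbedTLS"
                            for i in $M_CIPHERS; do
                                run_client mbedTLS "$i"
                            done
                            stop_server
                        fi

                        ;;

                    *)
                        echo "Unknown peer: $PEER" >&2
                        exit 1
                        ;;

                esac

            done
        done
    done
done

echo "------------------------------------------------------------------------"

# server-side memory errors count as failures for the verdict and the
# exit status, but are reported separately from FAILED in the summary
if [ "$FAILED" -ne 0 ] || [ "$SRVMEM" -ne 0 ]; then
    printf "FAILED"
else
    printf "PASSED"
fi

if [ "$MEMCHECK" -gt 0 ]; then
    MEMREPORT=", $SRVMEM server memory errors"
else
    MEMREPORT=""
fi

PASSED=$(( $TESTS - $FAILED ))
echo " ($PASSED / $TESTS tests ($SKIPPED skipped$MEMREPORT))"

FAILED=$(( $FAILED + $SRVMEM ))
exit $FAILED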
1432